Fake 'Star Wars: The Rise of Skywalker' Streams Are Stealing Credit Cards

Cybersecurity researchers have uncovered a new spin on an old scam—promising to let you watch the new ‘Star Wars’ in exchange for your credit card.
December 19, 2019, 5:10pm
Daisy-Ridley-as-Rey-in-Star-Wars-The-Rise-of-Skywalker

Cybercriminals love a good media event. Scammers use popular television shows like Game of Thrones or movies like Star Wars as vectors to spread malware and phish personal information from people online. The more popular the movie or TV show, the easier it is to trick people into giving up their personal information for a chance to see it early or without paying. Star Wars: The Rise of Skywalker is just the latest bait on the hook. If you see someone online offering a stream of the movie, it could be a phishing attempt.

Researchers at the cybersecurity and antivirus company Kaspersky Lab found more than 30 websites and social media profiles attempting to phish Star Wars fans. The scam sites promise users the chance to watch Star Wars: the Rise of Skywalker for free before its theatrical release, but collect a users’ credit card data, claiming the numbers are necessary to start the stream.

In a press release about the scam, Kaspersky noted that the fake Star Wars sites do a good job of mimicking the official web presence of major movies. They often copy the images, layout, and description of the movies so thoroughly that it’s hard to tell its fake at first blush.

1576775105175-star-wars-1

Image: Kaspersky Lab

1576775118977-star-wars-2

Image: Kaspersky Lab

“Such practice is called ‘black SEO,’ which enables criminals to promote phishing websites high up in search engine results,” Kasperksy said in its press release.

To add to the credibility of the fraudulent sites, scammers also set up fake social media accounts which link back to the content. “So far, 83 users have already been affected by 65 malicious files disguised as copies of the upcoming movie,” Kasperksy said.

Star Wars has been popular bait for scammers in 2019. According to Kaspersky, it’s detected 285,103 attempts to infect 37,772 users by promising them a way to watch Star Wars films this year. That’s up 10 percent from 2018.

“It is typical for fraudsters and cybercriminals to try to capitalize on popular topics, and Star Wars is a good example of such a theme this month. As attackers manage to push malicious websites and content up in the search results, fans need to remain cautious at all times,” Tatiana Sidorina, a security researcher at Kaspersky, said in a press release. “We advise users to not fall for such scams and instead enjoy the end of the saga on the big screen.”